Who owns supply chain visibility data?

Who owns supply chain visibility data? Does the manufacturer of a product retain any rights to track that product after it enters the supply chain? What if the product is a pharmaceutical and it is found to have a life-threatening defect? Should technology or standards availability play any role in answering these questions?

These kinds of questions come up occasionally in discussions of track and trace systems design when people talk about the future of “full supply chain visibility” and how easy recalls will be executed because of it. The implication is that the manufacturer of a drug will be able to perform a targeted recall because they will be able to see exactly where their product is in the supply chain.

But one could easily make the argument that it is no longer “their product” once it enters the supply chain. True, they invented, manufactured and labeled it, and in a recall situation we all have a strong desire for them to get it back quickly and efficiently, but that doesn’t change the simple fact that they don’t own it anymore. And if they don’t own the product anymore then they don’t automatically own the knowledge of where it is either.

I’m not a lawyer but it seems to me that once a product is sold the seller gives up all rights to that product. The buyer can do whatever they want to with it, within the law of course. Recalls that are necessary for reasons that might be life-threatening are special and supply chain members should do everything they can to find and return any item that is involved in a recall. But is it necessary for the manufacturer to have instant access to the location of all of the affected product?

Serialization and track and trace will allow all supply chain participants to know a lot more than they do today about the location of recalled items just using the data that they clearly own. Compared with today, an individual company will know very quickly if they have ever received, shipped or currently have in stock the recalled units. If they currently have them in stock they will be able to place an immediate hold on those items to prevent them from being shipped to a customer until they have been collected and returned. If they have previously shipped the items to a customer they will know exactly which customers were involved and which unit went where. But that’s it. The knowledge of what their customers might have done with those products once they receive them is not owned by the seller.

WHO OWNS WHAT DATA?

I think it’s clear that each company owns the data that they create. Would anyone dispute that? But some of that data is shared with trading partners in the normal course of the selling and buying process. In that case, one could argue that both the buyer and the seller subsequently own that data. For example, the fact that pharmacy X bought drug Y from wholesaler Z is data that is known through direct experience by both X and Z. Did either company “create” that data? It seems to me that both X and Z can rightfully claim to own this data. Unless somehow bound by a contract, either one might choose to sell that data or give it away for free without consulting or negotiating with each other.

If data such as the one in my example above has value then it can be treated as any other asset that can be packaged, priced and sold. Today, supply chain data similar to this is collected, aggregated, priced and sold under terms that are determined by contracts.

THE VALUE OF SERIALIZED SUPPLY CHAIN DATA

But what about tomorrow? Things might get interesting when the sales transaction in my example above includes item-level serial numbers. The data available for that transaction would now include serialized references to the prior history of each item. Would that add any value to the original, non-serialized data? Depending on the needs of the data buyer, I think it might.

Now, I’m not predicting that data needed to properly execute a recall would ever be held for ransom. All I’m saying is that the supply chain visibility data that will come from serialization and track and trace technologies might have more value than the current data that is a source of revenue for some companies. This information is like any other intangible company asset. For this reason we should acknowledge that data ownership must be recognized and retained in the track and trace systems that we design for the future or those systems are unlikely to be adopted widely.

What does this mean for the ability to execute recalls efficiently in the future? I’m confident that supply chain visibility for recalls can be achieved without having to give data away at a financial loss, but it will require very selective visibility–some might call it selective blindness. With serialization and a well-designed supply chain track and trace system, recalls will execute very fast and efficiently without the need for end-to-end supply chain visibility by any single party.

GS1 has spent the last two years collecting end-user requirements for their next crown jewel standard, Discovery Services. Discovery Services, as envisioned by GS1, will be the cloud computing service that supply chain companies will go to initially to get more information about a serial number in their possession. I was a member of the requirements work group early on but I was unable to stay involved so I lost track of exactly where their efforts ended up. Having missed out on the development of these requirements I’m hoping that they strongly support the concept of data ownership. If that’s not in the completed requirements then the future standard may not be very attractive to some supply chains.

I understand that the GS1 Discovery Services standards-making work group is just about to kick off its work. If you have an interest in track and trace and/or data ownership, I suggest that you join. I’m going to.

The focus of the group is just as it sounds from the name. When any supply chain considers using GS1's Discovery Services (after the standard is complete, of course) data ownership and its related topics (access control, security, performance, …) must be well understood by the participants. Everyone who considers crossing that threshold must do so with eyes wide open. I believe this group could become the best source for information about the implications.

I started a discussion topic in that group using this blog post as the kickoff point and there are already several interesting comments from others. Check it out by joining.

Dirk.

Comments are closed.

RxTrace Recommends

About The Author

Dirk is a Regulatory Strategist with Systech International and founder of RxTrace. He has contributed to many of the industry groups that have been formed over the last 10 years to investigate solutions to the problem of counterfeit and other illegitimate drugs in the legitimate supply chain. He served as co-chair of a number of key technical work groups in GS1 and GS1 US. These include the original GS1 EPCglobal Drug Pedigree Messaging work group that created the DPMS pedigree standard, the Network Centric ePedigree (NCeP) work group and the RFID Barcode Interoperability Guideline work group. Dirk holds a BS in Electrical and Computer Engineering from the University of Wisconsin-Madison.

DISCLAIMER: RxTrace contains some of the personal thoughts, ideas and opinions of Dirk Rodgers. The material contained in RxTrace is not legal advice. Dirk Rodgers is not a lawyer.The reader must make their own decisions about the accuracy of the opinions expressed in RxTrace. Readers are encouraged to consult their own legal counseland trading partners before taking any actions based on information found in RxTrace. RxTrace is not a vehicle for communicatingthe positions of any company, organization or individual other than Dirk Rodgers.